<?php
/* FILE: process_security_check.php
 * DESCRIPTION: Process called when user presses submit button on security_check.php
 * POST DATA: answer
 * GET DATA: un (user name), cd (user join date)
 */
	include('config.inc');
	include('includes/functions.php');
	
	//Get GET and POST data
	$user = (string)$_GET['un'];
	$date = (string)$_GET['cd'];
	$answer = (string)$_POST['answer'];
	
	//Get the security answer
	$securityQuery = 
		"SELECT user_security_answer FROM user WHERE user_name = '"
		. mysql_real_escape_string($user)
		. "' AND user_join_date = '"
		. mysql_real_escape_string($date)
		. "';";
	if(!$securityResult = mysql_query($securityQuery))
		die("Error retrieving security information");
	$securityAnswer = mysql_fetch_array($securityResult);
	//If security answer in database is equal to one provided by user, go to new password page
	if($answer == $securityAnswer[0])
	{
		header('Location: new_password.php?cd='
				.mysql_real_escape_string($date)
				.'&un='
				.mysql_real_escape_string($user)); 
	}
	//Otherwise go back to security questions page on wrong answer
	else
	{
		header('Location: security_questions.php?err=wrong&cd='
				.mysql_real_escape_string($date)
				.'&un='
				.mysql_real_escape_string($user));
	}
?>